Whitelist Request: spotr.tv + dapp.spotr.tv — Legitimate dApp flagged by sponsor-pays-gas pattern

[cnpierrepapi]

Hey @adamdelphantom

I'm the founder of SPOTR -- a cultural opinion market on Solana. Players deposit USDC, pick a side on cultural debate questions, write a 140-character argument, and an AI judge decides who argued better. Winners split the pool proportionally. Think structured debate meets prediction markets, but resolution is argument quality, not capital weight.

The Problem

Phantom is showing the "this dApp could be malicious" warning on every deposit transaction at dapp.spotr.tv. This is killing our UX right at launch.

Why It's Flagged

We use a sponsor-pays-gas model so users never need SOL -- only USDC. The deposit is a standard SPL token transfer (createTransferInstruction from @solana/spl-token). The sponsor wallet is set as tx.feePayer and partial-signs server-side. Phantom/Blowfish sees the different fee payer and flags it.

This is the same pattern recommended by Solana for gasless UX. The transaction itself is completely standard -- no custom program invocation on deposits, just a vanilla SPL transfer to a PDA-owned vault.

What We've Already Done

• Registered on Phantom Portal (App ID: 137ed855-6ddb-4778-b094-a86e39c58d88)
• Passed appId to PhantomWalletAdapter in our wallet provider code
• Submitted whitelist PR: phantom/blocklist#1819 -- all CI checks pass
• Emailed review@phantom.com and review@blowfish.xyz
• Made our repo public for code review: cnpierrepapi/spotr-mvp
• Program deployed and verified on mainnet: 4i5etYNKfu7zfYxCtWxPjxaD6KNmgvrr22CZqLTWv16u
• Successful mainnet deposits + admin withdrawals confirmed on-chain
• Preflight simulation enabled (skipPreflight: false)

Verification Links

What	Link
Landing site	spotr.tv
Dapp	dapp.spotr.tv
Program (Solscan)	4i5etYNK...
Source code	cnpierrepapi/spotr-mvp
Program source	programs/spotr/src/lib.rs
Whitelist PR	phantom/blocklist#1819
Deposit tx	2XkaDdqx...
Admin claim tx	HZh1HmE4...

The Program Is Minimal

The on-chain program has only 2 active instructions:

1. Initialize -- stores admin pubkey + USDC mint in a Config PDA
2. AdminWithdrawAll -- admin claims vault balance (PDA-signed transfer)

User deposits are plain SPL token transfers -- they don't invoke the program at all. The vault ATA is owned by the Config PDA, so only the program can authorize withdrawals.

What We're Asking

Please review and merge phantom/blocklist#1819, or whitelist spotr.tv and dapp.spotr.tv through your internal process. We've done everything in the checklist -- the warning is the only thing between us and a clean launch.

Happy to provide any additional info. Thank you!

[cnpierrepapi]

Update: Resolved!

Phantom support (William) identified the issue — our signing order was incorrect. The sponsor (fee payer) was signing before the user wallet. We reversed it:

1. Server builds unsigned tx
2. Phantom signs first via signTransaction()
3. Server adds sponsor partialSign() and submits

The warning is now gone. Deposits working cleanly on mainnet.

Thanks to Phantom support for the quick and clear guidance. This should help other devs using the sponsor-pays-gas pattern.